fix(server): prevent API caching

reearth · Sep 20, 2022 · 76405b2 · 76405b2
1 parent 430da0a
commit 76405b2
Showing 1 changed file with 16 additions and 7 deletions.
diff --git a/server/internal/app/app.go b/server/internal/app/app.go
@@ -90,17 +90,19 @@ func initEcho(ctx context.Context, cfg *ServerConfig) *echo.Echo {
 
 	// apis
 	api := e.Group("/api")
-	api.GET("/ping", Ping())
-	api.POST("/graphql", GraphqlAPI(cfg.Config.GraphQL, gqldev))
+	api.GET("/ping", Ping(), private)
 	api.GET("/published/:name", PublishedMetadata())
 	api.GET("/published_data/:name", PublishedData())
-	api.GET("/layers/:param", ExportLayer(), AuthRequiredMiddleware())
-	api.POST("/signup", Signup())
+
+	apiPrivate := api.Group("", private)
+	apiPrivate.POST("/graphql", GraphqlAPI(cfg.Config.GraphQL, gqldev))
+	apiPrivate.GET("/layers/:param", ExportLayer(), AuthRequiredMiddleware())
+	apiPrivate.POST("/signup", Signup())
 
 	if !cfg.Config.AuthSrv.Disabled {
-		api.POST("/signup/verify", StartSignupVerify())
-		api.POST("/signup/verify/:code", SignupVerify())
-		api.POST("/password-reset", PasswordReset())
+		apiPrivate.POST("/signup/verify", StartSignupVerify())
+		apiPrivate.POST("/signup/verify/:code", SignupVerify())
+		apiPrivate.POST("/password-reset", PasswordReset())
 	}
 
 	published := e.Group("/p", PublishedAuthMiddleware())
@@ -169,3 +171,10 @@ func errorMessage(err error, log func(string, ...interface{})) (int, string) {
 
 	return code, msg
 }
+
+func private(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(c echo.Context) error {
+		c.Response().Header().Set(echo.HeaderCacheControl, "private, no-store, no-cache, must-revalidate")
+		return next(c)
+	}
+}